Lucene search

51 matches found

NVD
added 2018/06/04 7:29 p.m. | 12 views

CVE-2017-16031

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...

7.5 CVSS | 7.6 AI score | 0.02 EPSS
Exploits: 0 | References: 4
OSV
added 2018/06/04 7:29 p.m. | 16 views

CVE-2017-16031

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...

7.5 CVSS | 7.8 AI score
Exploits: 0 | References: 4
Cvelist
added 2018/06/04 7:0 p.m. | 28 views

CVE-2017-16028

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...

6.2 AI score | 0.0135 EPSS
Exploits: 0 | References: 2
Cvelist
added 2018/06/04 7:0 p.m. | 14 views

CVE-2017-16031

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...

7.6 AI score | 0.02 EPSS
Exploits: 0 | References: 4
Prion
added 2017/12/27 5:8 p.m. | 17 views

Design/Logic Flaw

An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random is used by pretty Easy privacy (pEp), aka TBE-01-001...

7.5 CVSS | 7.1 AI score | 0.01608 EPSS
Exploits: 0 | References: 5 | Affected Software: 2
Debian CVE
added 2017/12/22 11:0 p.m. | 25 views

CVE-2017-17845

An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random is used by pretty Easy privacy (pEp), aka TBE-01-001...

7.5 CVSS | 7.4 AI score | 0.01608 EPSS
Exploits: 0
NVD
added 2017/04/05 9:59 p.m. | 20 views

CVE-2015-9019

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs...

5.3 CVSS | 6.6 AI score | 0.02393 EPSS
Exploits: 0 | References: 2
CVE
added 2017/04/05 9:0 p.m. | 98 views

CVE-2015-9019

CVE-2015-9019 affects libxslt 1.1.29 and earlier, where the EXSLT math.random function is not initialized with a random seed at startup, which could cause predictable outputs. The Connected Documents confirm this CVE entry and describe the root cause (missing random seed) and the affected version...

5.3 CVSS | 6.3 AI score | 0.02393 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Node.js
added 2016/03/28 5:59 p.m. | 41 views

Insecure Entropy Source - Math.random()

Overview: Affected versions of node-uuid consistently fall back to using Math.random as an entropy source instead of crypto, which may result in guessable UUIDs. Recommendation: Update to version 1.4.4 or later. References: Issue 108, Issue 122, GitHub Advisory...

5 CVSS | 4.6 AI score | 0.02257 EPSS
Exploits: 0 | Affected Software: 1
UbuntuCve
added 2016/02/20 1:59 a.m. | 27 views

CVE-2016-1927

The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach...

7.5 CVSS | 7.2 AI score | 0.02688 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2016/01/29 12:0 a.m. | 21 views

FreeBSD : phpmyadmin -- Insecure password generation in JavaScript (6f0c2d1b-c60b-11e5-bf36-6805ca0b3d42)

The phpMyAdmin development team reports: Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. We consider this vulnerability to be non-critical...

7.5 CVSS | 7.3 AI score | 0.02688 EPSS
Exploits: 0 | References: 3
FreeBSD
added 2016/01/28 12:0 a.m. | 29 views

phpmyadmin -- Insecure password generation in JavaScript

The phpMyAdmin development team reports: Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers. We consider this vulnerability to be non-critical...

7.5 CVSS | 1.5 AI score | 0.02688 EPSS
Exploits: 0 | References: 1
seebug.org
added 2014/07/01 12:0 a.m. | 34 views

Google Chrome <= 6.0.472 'Math.Random()' Random Number Generation Vulnerability

No description provided by source. Source: http://www.securityfocus.com/bid/36185/info. Google Chrome is prone to a security vulnerability that may allow the application to generate weak random numbers. Successfully exploiting this issue may allow attackers to obtain sensitive information or gain...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2012/08/01 12:0 a.m. | 36 views

Scientific Linux Security Update : firefox on SL5.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was...

10 CVSS | 9 AI score | 0.11418 EPSS
Exploits: 7 | References: 12
securityvulns
added 2010/11/23 12:0 a.m. | 55 views

Apple Safari for Windows (4.0.2-4.0.5, 5.0-5.0.2) Math.random() predictability

Hi list. Earlier this year, Trusteer discovered a vulnerability in Apple Safari for Windows versions 4.0.2-4.0.5 and 5.0-5.0.2. The issue is in the JavaScript Math.random function, which is implemented in Safari via its WebKit core. Trusteer reported this vulnerability to Apple and to WebKit.org...

6.5 AI score
Exploits: 0
OpenVAS
added 2010/09/21 12:0 a.m. | 31 views

Mozilla Firefox Information Disclosure Vulnerability (Windows)

The host is installed with Mozilla Firefox and is prone to Information Disclosure Vulnerability...

5.8 CVSS | 9.2 AI score | 0.04457 EPSS
Exploits: 3 | References: 2
OpenVAS
added 2010/09/21 12:0 a.m. | 27 views

Mozilla Firefox Information Disclosure Vulnerability - Windows

Mozilla Firefox is prone to an information disclosure vulnerability...

5.8 CVSS | 8.8 AI score | 0.04457 EPSS
Exploits: 3 | References: 2
NVD
added 2010/09/15 8:0 p.m. | 26 views

CVE-2010-3171

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acti...

5.8 CVSS | 9.3 AI score | 0.04457 EPSS
Exploits: 1 | References: 8
UbuntuCve
added 2010/09/15 8:0 p.m. | 30 views

CVE-2010-3171

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acti...

5.8 CVSS | 5.9 AI score | 0.04457 EPSS
Exploits: 1 | References: 1
CVE
added 2010/09/15 7:0 p.m. | 82 views

CVE-2010-3171

CVE-2010-3171 relates to the Firefox JavaScript Math.random() seed being initialized only once per document object, making it easier for remote attackers to track a user or trigger in-session phishing via spoofed pop-ups. The issue ties to an underlying fix (CVE-2008-5913) that was not fully corr...

5.8 CVSS | 9 AI score | 0.04457 EPSS
Exploits: 1 | References: 8 | Affected Software: 1